DerGrumpf/cyper-nix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added Secrets for discord

Browse Source
This commit is contained in:
DerGrumpf
2026-05-27 22:06:56 +02:00
parent e7267282b6
commit d517e877f0
2 changed files with 27 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files
nixos/roles/matrix/discord-bridge.nix
+19 -3
View File
@@ -2,14 +2,20 @@
{ {
nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ]; nixpkgs.config.permittedInsecurePackages = [ "olm-3.2.16" ];
sops.secrets.discord_bot_token = { sops.secrets = {
discord_bot_token = {
owner = "mautrix-discord"; owner = "mautrix-discord";
group = "mautrix-discord"; group = "mautrix-discord";
}; };
sops.secrets.discord_client_id = { discord_client_id = {
owner = "mautrix-discord"; owner = "mautrix-discord";
group = "mautrix-discord"; group = "mautrix-discord";
}; };
discord_pickle_key = {
owner = "mautrix-discord";
group = "mautrix-discord";
};
};
systemd.services.mautrix-discord-env = { systemd.services.mautrix-discord-env = {
before = [ "mautrix-discord-registration.service" ]; before = [ "mautrix-discord-registration.service" ];
@@ -22,6 +28,7 @@
mkdir -p /run/mautrix-discord mkdir -p /run/mautrix-discord
echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env echo "DISCORD_BOT_TOKEN=$(cat ${config.sops.secrets.discord_bot_token.path})" > /run/mautrix-discord/env
echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env echo "DISCORD_CLIENT_ID=$(cat ${config.sops.secrets.discord_client_id.path})" >> /run/mautrix-discord/env
echo "DISCORD_PICKLE_KEY=$(cat ${config.sops.secrets.discord_pickle_key.path})" >> /run/mautrix-discord/env
chmod 600 /run/mautrix-discord/env chmod 600 /run/mautrix-discord/env
chown mautrix-discord:mautrix-discord /run/mautrix-discord/env chown mautrix-discord:mautrix-discord /run/mautrix-discord/env
''; '';
@@ -66,7 +73,16 @@
}; };
}; };
}; };
encryption = {
allow = true;
default = true;
pickle_key = "$DISCORD_PICKLE_KEY";
verification_levels = {
receive = "unverified";
send = "unverified";
share = "cross-signed-tofu";
};
};
}; };
discord = { discord = {
client_id = "$DISCORD_CLIENT_ID"; client_id = "$DISCORD_CLIENT_ID";
secrets/secrets.yaml
+3 -2
View File
@@ -18,6 +18,7 @@ mjolnir_access_token: ENC[AES256_GCM,data:vvrAY9CAkEIGEzah+TQiwa6PahGuXVvU7wzBpT
coturn_static_auth_secret: ENC[AES256_GCM,data:7AI0E8Hu4WxI5q4j1GqBMSQ+evE006uPMtwIfGn4eFz+XB2JA6fhhiGMPPxSkqOyK+3eZJ5ahiG05JpmBmmAbw==,iv:hQJQQDVo43U7lvV754PC1THeFCpZZEyag+BslXyoDos=,tag:Vkm+IXr1h8ZNpah6UYaKng==,type:str] coturn_static_auth_secret: ENC[AES256_GCM,data:7AI0E8Hu4WxI5q4j1GqBMSQ+evE006uPMtwIfGn4eFz+XB2JA6fhhiGMPPxSkqOyK+3eZJ5ahiG05JpmBmmAbw==,iv:hQJQQDVo43U7lvV754PC1THeFCpZZEyag+BslXyoDos=,tag:Vkm+IXr1h8ZNpah6UYaKng==,type:str]
discord_bot_token: ENC[AES256_GCM,data:j37Qo3FCyRwNFqWSWpnQKCs+AxH5HlQ8U5If7ylHilQoORp8Pb3TtNETTJSjZyvUXllldevAbHrbAEEKnNfoUJx1U8/wl6H0,iv:WQqxFXTE+0LIB2lSvVcnr4LNXPE7uzNc0Kk8NU6Z/aE=,tag:fNeQLhoThEgfa4sSGKLZCw==,type:str] discord_bot_token: ENC[AES256_GCM,data:j37Qo3FCyRwNFqWSWpnQKCs+AxH5HlQ8U5If7ylHilQoORp8Pb3TtNETTJSjZyvUXllldevAbHrbAEEKnNfoUJx1U8/wl6H0,iv:WQqxFXTE+0LIB2lSvVcnr4LNXPE7uzNc0Kk8NU6Z/aE=,tag:fNeQLhoThEgfa4sSGKLZCw==,type:str]
discord_client_id: ENC[AES256_GCM,data:U/iUKXT6Nsl6LRN9lPh1xaIaqw==,iv:k7kQ8rJBrMs3YwD9aDfZ6qhd7H3aVsSPTOwEIxVTw2Y=,tag:2wKhxGbf+P+h3BYeWUSczA==,type:str] discord_client_id: ENC[AES256_GCM,data:U/iUKXT6Nsl6LRN9lPh1xaIaqw==,iv:k7kQ8rJBrMs3YwD9aDfZ6qhd7H3aVsSPTOwEIxVTw2Y=,tag:2wKhxGbf+P+h3BYeWUSczA==,type:str]
discord_pickle_key: ENC[AES256_GCM,data:6j1pBQxmK8kFELSBBeJ0FwzAHz1GTGhxQwrvhlLtiU9+HICBBJqmFra1veZSO4yLchye/yPZ9Ha7oau+SgOI6w==,iv:YcTQQFcfLK33CpZnhEiKkt71e4ziarGKPyt7mmdQ+NA=,tag:AJRD4xYvYOZ0L1Xo+O+aGg==,type:str]
pg_replication_password: ENC[AES256_GCM,data:w2h07D+j3LNkcbvoKQ2Qp3HSvC2Wf5HRAPAo/HNhmUkHBOaDyILNxo7IDjqajv0jytpG7q4joCJQhS7tEUlA9Q==,iv:26ZurAq61IDqGdAl0yPpoTJElo93hJJIEUlza4DGDNc=,tag:a46FOKgeqEEZE+rC+H9NbQ==,type:str] pg_replication_password: ENC[AES256_GCM,data:w2h07D+j3LNkcbvoKQ2Qp3HSvC2Wf5HRAPAo/HNhmUkHBOaDyILNxo7IDjqajv0jytpG7q4joCJQhS7tEUlA9Q==,iv:26ZurAq61IDqGdAl0yPpoTJElo93hJJIEUlza4DGDNc=,tag:a46FOKgeqEEZE+rC+H9NbQ==,type:str]
kanidm_gitea_secret: ENC[AES256_GCM,data:RavtSb5BaJGwwLB/oGzG/KK2AyV+IzEjihVxnD3/dVnxmxcG+CITIYPLvFUJjmvY,iv:Cg8dAhtJXDvRGULIkpWAyuhhlLEdvN+4lyjHPR/740I=,tag:8kMGrOjXEA4GWSLlP7oIkA==,type:str] kanidm_gitea_secret: ENC[AES256_GCM,data:RavtSb5BaJGwwLB/oGzG/KK2AyV+IzEjihVxnD3/dVnxmxcG+CITIYPLvFUJjmvY,iv:Cg8dAhtJXDvRGULIkpWAyuhhlLEdvN+4lyjHPR/740I=,tag:8kMGrOjXEA4GWSLlP7oIkA==,type:str]
gitea: gitea:
@@ -38,7 +39,7 @@ sops:
N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9 N3I5dzUwc3JtYzczMUhyT04vSHlZamMKT+FzYcDLmlEFYxm/XoBpJb8XaZzBH1v9
6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w== 6fuez+zApathZfl14w41kAUojPWBznnxDqYtNvzVVLXwnpp3BMx+7w==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2026-05-20T08:25:30Z" lastmodified: "2026-05-27T19:38:22Z"
mac: ENC[AES256_GCM,data:rh4FcdDtUVvEvv/0XR/J62SgRlv/c0Wve4IIjlr3jItdPkIIkncX+ychxwSIqQEzcQD4BO6MJ7Ex1HXcOP0+5pg3Qvysj+J8y5JGpoIi2dAGh9A7uzMG/cOQD4TuUAQl+HsO6U9b/hrJg6qwyqxrvsupEkH4c7zCb7WbpZfn0o0=,iv:ZQ59dQXJqvLIqlyJmHCByF12Oi6e9vp9ikGGIERIyQE=,tag:Mgbxhu7rOdiHFv+EoYAPuA==,type:str] mac: ENC[AES256_GCM,data:oHpPWV/tK6nWdqUdzCjyNWW6hhzJpy2QSxvGoTDkk20L8O89K2ee7xfMmFVLYc6t/Kvd4nb12RcwYBV/5EEB9bBtn0IMGILsOKHV74iWYbWF+3Nd1mwtWngKj/ILd4cmMdNmXtRnIv6C4dR1P97ezVRqXqoFg094Pty8BZLmYx0=,iv:YwDNYOjGK31BL7FzlF7g2JqVMYmCEbTILYJeCA1Reig=,tag:Tx7CvuESuTihRYKE5A4aFQ==,type:str]
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.12.2 version: 3.12.2